The Admin Guy’s Bloghttps://theadminguy.com
A blog for the impatient System AdministratorsThu, 05 Jul 2018 04:44:20 +0000enhourly1http://wordpress.com/https://s0.wp.com/i/buttonw-com.pngThe Admin Guy’s Bloghttps://theadminguy.com
The circumstance of the nested application data folderhttps://theadminguy.com/2012/10/17/the-circumstance-of-the-nested-application-data-folder/
https://theadminguy.com/2012/10/17/the-circumstance-of-the-nested-application-data-folder/#commentsWed, 17 Oct 2012 20:57:13 +0000http://theadminguy.wordpress.com/?p=158So in my inbox I find a report of an issue where the backup is failing on one of our servers.

This made me scratch my head, as the file system on the server is NTFS, so someone saving a file to a path longer than 260 including the filename would be unlikely. However I have previously seen backup software create this scenario, when backing up MacBooks to a Windows file server.

So first order of business, find the path with the problem.

Using psexec to run powershell as NT AUTHORITY\SYSTEM (to avoid access denied errors):

c:\>psexec -is powershell

and then running the following powershell command:

PS C:\> get-childitem -Recurse -ErrorAction STOP

it would only be a short time before the path was found.

But no joy. The command finished without errors.

So some more head scratching…

Using the backup application, I eventually found that the problem was in a users profile folder, more specifically once the backup application hit the “c:\users\theuser\AppData\Local\Application Data” folder it found another “Application Data” folder and then another underneath and another and another … until it hit the 1024 maximum and threw the error seen above

First the basics, from NT 6.0 (Vista and newer) this Application Data folder is actually a junction pointing to “c:\Users\theuser\AppData\Local”

If this permission is removed, for instance by an admin who does not know that it is supposed to be there, then a browse into the folder with Windows Explorer will actually create a new folder, so that we now have “c:\Users\theUser\Appdata\local\Application Data\Application Data”

Do this enough times and we hit the error with the backup application. The above nested folder creation can also happen when using Robocopy

But why did the simple powershell test not catch this. Well, that is because I am a dork, and forgot about the fact of hidden folders… the command should have been:

PS C:\> get-childitem -Recurse -Force -ErrorAction STOP

Well now that this is cleared up, a cleanup task is required to remove the broken application data folder, but how to do that. Using Windows explorer – error. Appears that the mischievous admin broke some more permissions. That is easy to fix. First take ownership:

C:\Users\theUser\AppData\Local> takeown /F * /A /R /D Y

then, reset permissions:

C:\Users\theUser\AppData\Local> icacls * /reset /T /Q

But that errors out as well.

So I need a program that ignores permissions and can delete these long paths, and any file which may reside in the folders. Robocopy can do that:

The /B instructs Robocopy to run in backup mode, which disregards file permissions. /Purge removes anything in the destination which is not in the source.

Final step is to fix the permissions on the Application data folder.

Note of course that the above does not consider the impact on the users profile, so use at own risk.

/theadminguy

]]>https://theadminguy.com/2012/10/17/the-circumstance-of-the-nested-application-data-folder/feed/1The Admin GuyExport DHCP leases to HTML– version 2https://theadminguy.com/2012/03/27/export-dhcp-lease-to-html-version-2/
https://theadminguy.com/2012/03/27/export-dhcp-lease-to-html-version-2/#commentsTue, 27 Mar 2012 00:35:14 +0000http://theadminguy.wordpress.com/?p=148An updated version of the previous script, now with the ability to export the MAC to the HTML as well as dumping all scopes to individual HTML and .csv files

This will dump the DHCP scope 10.10.10.10 including the MAC to an HTML file as well as a csv file.

Export-dhcptohtml.ps1 –dhcpserver 1.1.1.1 -scope ALL

This will dump all scopes on the dhcp server to individual HTML and .csv files.

Do post a comment, suggestion or request.

[Update 29-05-2012] – Added missing – (dash) in second example

/theadminguy

]]>https://theadminguy.com/2012/03/27/export-dhcp-lease-to-html-version-2/feed/10The Admin GuyCopy certificates from one server to anotherhttps://theadminguy.com/2012/01/22/copy-certificates-from-one-server-to-another/
https://theadminguy.com/2012/01/22/copy-certificates-from-one-server-to-another/#commentsSun, 22 Jan 2012 23:34:46 +0000http://theadminguy.wordpress.com/?p=141So for some reason, which until now remains a mystery, certificates where missing in the Trusted root certificate authorities certificate store on one of our servers.

Of course one of the missing ones, was the one needed for a main part of the servers purpose, so that had to be fixed.

While the certificates mmc does permit the export on the source server and the import onto the broken one, working in the GUI, is just….

Don’t judge me by the fact that the .Synopsis part of the script takes up half the lines in the script, but not being a programmer by trade, I am trying to improve on my documentation skills (as well as making myself able to reuse the script once I have forgotten it’s original purpose)

The script can be easily modified to also remove certs from the target, which is not present on the source.

Do let me know all your input, thoughts etc.

/theadminguy

]]>https://theadminguy.com/2012/01/22/copy-certificates-from-one-server-to-another/feed/1The Admin GuyPowershell One-Liners – Process Monitorhttps://theadminguy.com/2012/01/01/powershell-one-liners-process-monitor/
https://theadminguy.com/2012/01/01/powershell-one-liners-process-monitor/#commentsSun, 01 Jan 2012 18:58:42 +0000http://theadminguy.wordpress.com/?p=135As a server admin, I often face a situation where I have to perform an action on the server, but some process is running, and I have to wait.

Rather than sitting around checking the server every 5 minutes, I set a Powershell one-liner monitor with notification:

This will delete files older than 5 days in the targeted folder (IIS_logs) and all subfolders

I have tried to wrap this in a schtasks command, so far been unsuccessful.

In the Windows Server 2008 R2 GUI:

Task Scheduler

Create a basic task

Give it a name and a description

Choose the Task trigger and the properties for the selected trigger

Choose the action (start a program)

Add the path for powershell.exe in the program/script box and everything following to the Add arguments (optional) box

Review and Finish.

/theadminguy

]]>https://theadminguy.com/2011/07/28/powershell-one-liners-folder-cleaning/feed/0The Admin GuyimagePowershell One-liners – IP scannerhttps://theadminguy.com/2011/06/20/powershell-one-liners-ip-scanner/
https://theadminguy.com/2011/06/20/powershell-one-liners-ip-scanner/#commentsMon, 20 Jun 2011 15:23:45 +0000http://theadminguy.wordpress.com/2011/06/20/powershell-one-liners-ip-scanner/So why use powershell? I even heard someone say “this powershell is so over-rated, what does it offer, that cannot be done with cmd.exe and a another tool?”

Well, to me, that is exactly it, what does powershell offer, which cannot be done with cmd.exe?

What if you wanted just to check a defined range of IP’s in you managed subnet, to find which ones have live hosts on them?

This one-liner ping’s the range from 1 to 100 and returns the machines which replied.

The point here is not, that only Powershell can do this on Windows, and I know that ping.exe is not a native powershell cmd-let and what if the host does not respond to ICMP…bla bla..

But this method is simple, fast and intuitive. No need for starting up a dedicated application, no fiddling with scripts, just get the job done, which in turn leaves more room for other stuff.

/theadminguy

]]>https://theadminguy.com/2011/06/20/powershell-one-liners-ip-scanner/feed/1The Admin GuySmileRemove privileged folder in Windows 7https://theadminguy.com/2011/06/14/remove-privileged-folder-in-windows-7/
https://theadminguy.com/2011/06/14/remove-privileged-folder-in-windows-7/#commentsTue, 14 Jun 2011 06:06:15 +0000http://theadminguy.wordpress.com/?p=89Ever found yourself in the situation where you wanted to delete a folder in Windows 7, but you can’t because it has special rights in some way?

An example of such a folder could be the %windir%\winsxs.

In my case I had attached a virtual disk file (.vmdk) from one virtual machine to a new virtual machine.

So I wanted to clean this disk of the unneeded Windows folder, but as this folder as well as most of the subfolders are owned by TrustedInstaller, not by the local Administrators group. For the %windir%\winsxs folder, the administrators group as well as the local system user (NT Authority\System) has only read access to the files.

In order to delete the folder you have to do two things:

Take ownership of the folder and files

Grant the required user at least write access to the folder and files so they can be deleted

The above can be done using the %windir%\system32\takeown.exe and the %windir%\system32\Icacls.exe

If doing this on one machine, then you could just run the respective command lines:

A word of caution, there is no error checking in the script, so if you target the %systemroot% (usually c:\windows), the rights will be altered. As the script only adds permissions, the impact is not that huge, if the folder is not deleted after. But the rights are set in this manner for a reason

The script put all the server scopes into a variable and then processes it.

As the netsh output is filled with headers and other stuff, quite a number of trims and –replacements are done.

The whole thing is then put into a csv file.

As usual any hints and pointers are welcomed.

/theadminguy

]]>https://theadminguy.com/2010/04/15/export-dhcp-scopes-and-their-address-pools-to-a-csv-file/feed/9The Admin GuyESX VM guest listed as (invalid)https://theadminguy.com/2009/12/13/esx-vm-guest-listed-as-invalid/
https://theadminguy.com/2009/12/13/esx-vm-guest-listed-as-invalid/#respondSun, 13 Dec 2009 18:43:38 +0000http://theadminguy.wordpress.com/2009/12/13/esx-vm-guest-listed-as-invalid/So we had a massive maintenance on one of our ESX clusters. The maintenance entailed the complete shutdown of all VMs and hosts in the cluster. The entire task went relatively fine, with the exception of the usual stuff like:

HA configuration failed to apply to most of the hosts when they were powered on. Fix for this issue is straight forward: Disable HA for the cluster and re-enable it.

The upside to disabling HA when having to power-on multiple VMs (350+) is that they power-on faster, as the VMs do not have to go through HA admission control and you will of course receive no HA related errors

Job queuing in VI causing VMs to take some time to power-on

It appears to me that VI just throws all jobs in a pool and try to get to them as fast as possible. I would like the option to tell it to process a set amount of jobs at a time. This can of course be achieved with the power of shell, but if anybody knows how it can be done in the GUI, let me know.

But what about the invalid VM?

Well, one of the machines came up with the name in italics and with an (invalid) appended to the name… Of course the GUI did not provide much help. When attempting to power on the machine, the only message I got was a “not allowed in the the current state”

Well sometimes the easy solution is the right one (love when that happens

Unregister the invalid VM in VI

Open the datastore browser and browse to the folder containing the VM

Rename the original .vmxf file.

Register the VM in VI from the datastore browser (right-click –> Add to inventory –> Step through the wizard)

A new and proper .vmxf file is generated

Power-On the VM

Do let me know if there is any way of “hand creating” the extended config file. Not that it is very useful if it can be automatically generated, but it would be cool to be able to do it…

/theAdminGuy

]]>https://theadminguy.com/2009/12/13/esx-vm-guest-listed-as-invalid/feed/0The Admin Guyimage_thumb.pngModify Disk layout in Windows using powershell – updated versionhttps://theadminguy.com/2009/11/13/modify-disk-layout-in-windows-using-powershell-updated-version/
https://theadminguy.com/2009/11/13/modify-disk-layout-in-windows-using-powershell-updated-version/#commentsFri, 13 Nov 2009 23:25:13 +0000http://theadminguy.wordpress.com/2009/11/13/modify-disk-layout-in-windows-using-powershell-updated-version/At work one of my colleagues is fond of the phrase: Assume – makes and ass of you and me

Now this has, again, become very appropriate for me to use:

In my first post of the disk layout script, found here, I wrote with assumption and confidence: “but should also work on Windows Server 2003, if it does not then I have to redo the Altiris job”…

As it turns out, diskpart v5.2 does not support either the online disk command nor the format quick command, which is why I have had to add OS filtering (got to love the one-liner and the format command.

I have also had to remove the $_.DriveType -eq “3”, as an unformated primary partition under Windows Server 2003 R2 does not have a drivetype defined. But in order to salvage some honor, I’ll call that optimization, as it is actually not required, because that part of the script only assigns drive letters to volumes without one, and both the floppy and CDRom have one already.